Posted by BeauHD on Friday December 09, 2016 @05:00AM from the out-of-the-woodwork dept.

Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.

Posted by BeauHD on Thursday December 08, 2016 @07:45PM from the bite-off-more-than-one-can-chew dept.

An anonymous reader quotes a report from The Verge: Yik Yak has laid off 60 percent of employees amid a downturn in the app's growth prospects, The Verge has learned. The three-year-old anonymous social network has raised $73.5 million from top-tier investors on the promise that its young, college-age network of users could one day build a company to rival Facebook. But the challenge of growing its community while moving gradually away from anonymity has so far proven to be more than the company could muster. Employees who were affected were informed of the layoffs Thursday morning, sources told The Verge. Yik Yak employed about 50 people, and now only about 20 remain, the company said. The community, marketing, design, and product teams were all deeply affected, one source said. Atlanta-based Yik Yak was founded in 2014 by Furman University students Tyler Droll and Brooks Buffington. The app updated the concept of dorm newsletters for the mobile era, letting anyone post comments about school, their campus, or life in general. The fact that comments were anonymous initially helped the app grow, as it encouraged more candid forms of sharing than students might otherwise post on Facebook or Instagram.

Posted by BeauHD on Thursday December 08, 2016 @06:25PM from the money-back-guaranteed dept.

An anonymous reader quotes a report from Network World: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government's years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as "mobile cramming," according to the FTC. From an FTC press release: "Through the FTC's refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC's complaint, AT&T placed unauthorized third-party charges on its customers' phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity.

Posted by msmash on Thursday December 08, 2016 @01:50PM from the security-woes dept.

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.

Posted by msmash on Wednesday December 07, 2016 @12:20PM from the security-woes dept.

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.

Posted by msmash on Wednesday December 07, 2016 @09:40AM from the sales-figures dept.

Sony today shared sales figures of the PlayStation 4, saying the gaming console surpassed 50 million units as of this week. The console was launched in November 2013, and hit the 40 million sales mark in May this year. In a statement, the company said, via GameSpot: "We're truly delighted that the PS4 community continues to flourish since launch three years ago," Sony Interactive Entertainment boss Andrew House said in a statement. "With tremendous support from our fans and partners across the globe, this year we were able to deliver an unprecedented lineup of hardware, including the new slimmer PS4, PS4 Pro, and PlayStation VR. We will continue to provide the best gaming experiences available through our ground-breaking software lineup and network services, as we focus on accelerating our business and expanding the PS4 ecosystem." According to an estimate Nvidia provided in August, Microsoft's Xbox One has an install base of 29 million.

Posted by msmash on Tuesday December 06, 2016 @11:00AM from the business-as-usual dept.

Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools. From a report on PCWorld: Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed. "HP has started the process of closing older, less-maintained interfaces including ports, protocols and cipher suites" identified by the U.S. National Institute of Standards and Technology as less than secure, the company said in a statement. In addition, HP also announced firmware updates to existing business printers with improved password and encryption settings, so hackers can't easily break into the devices.

Posted by EditorDavid on Sunday December 04, 2016 @02:39PM from the BOFH dept.

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked.
An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.
Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015).
Prugar's two-year prison sentence begins December 27.

Posted by EditorDavid on Saturday December 03, 2016 @09:39PM from the not-finding-your-iPhone dept.

An anonymous reader quotes ComputerWorld:
Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after a while, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.
There's also a five-minute video on YouTube which purports to show a newer version of the same attack.

Posted by BeauHD on Friday December 02, 2016 @09:05PM from the alternative-energy dept.

An anonymous reader quotes a report from ValueWalk: Nikola Motor Company just unveiled a huge class 8 truck which will run on hydrogen fuel cells. Nikola claimed that the truck's operational range will be as much as 1,200 miles (1,900 km), and it will be released in 2020. Nikola designed the Nikola One for long-haul transport across a large landmass. The truck will deliver over 1,000 horsepower and 2,000 foot-pounds of torque. Provided these claims are true, the vehicle will provide nearly double the power of the current-gen diesel-powered semis/articulated lorries, notes Ars Technica. The leasing cost of the trucks will include the fuel price, servicing costs and warranty, but exactly how the lease will work is not known now, notes Ars Technica. The company says it has already accepted nearly $3 billion in future orders. A fully-electric drivetrain which gets power from high-density lithium batteries runs the vehicle, and a hydrogen fuel cell charges the batteries on the go. Its reach is presently limited, as hydrogen fueling stations currently exist in only small numbers. This made Nikola decide to construct a network of 364 hydrogen fueling stations across the U.S. and Canada, just like Tesla with its network of Superchargers. Milton claims it will come with a smart dashboard which has the capability of picking the most cost-efficient route for drivers. Also one or two full-size beds will be included inside the vehicle's enormous cab. It will have other luxuries and necessities as well, such as Wi-Fi, a refrigerator, 4G LTE connectivity, freezer, a 40-inch curved 4K TV with Apple TV and a microwave.

Posted by BeauHD on Friday December 02, 2016 @06:20PM from the real-news dept.

Reuters has built an algorithm called News Tracer that flags and verifies breaking news on Twitter. The algorithm weeds through all 500 million tweets that are posted on a daily basis to "sort real news from spam, nonsense, ads, and noise," writes Corinne Iozzio via Popular Science: In development since 2014, reports the Columbia Journalism Review, News Tracer's work starts by identifying clusters of tweets that are topically similar. Politics goes with politics; sports with sports; and so on. The system then uses language-processing to produce a coherent summary of each cluster. What differentiates News Tracer from other popular monitoring tools, is that it was built to think like a reporter. That virtual mindset takes 40 factors into account, according to Harvard's NiemanLab. It uses information like the location and status of the original poster (e.g. is she verified?) and how the news is spreading to establish a "credibility" rating for the news item in question. The system also does a kind of cross-check against sources that reporters have identified as reliable, and uses that initial network to identify other potentially reliable sources. News Tracer can also tell the difference between a trending hashtag and real news. The mix of data points News Tracer takes into account means it works best with actual, physical events -- crashes, protests, bombings -- as opposed to the he-said-she-said that can dominate news cycles.

Posted by msmash on Friday December 02, 2016 @11:40AM from the they-know-what-you-did-last-summer,-too dept.

Facebook is gathering information about the shows Roku and Apple TV owners are streaming. The company then uses the Facebook profile linked to the same IP addresses to tailor the commercials that are shown to individual users. From a report on Bloomberg: For the past few weeks, the social network says, it's been targeting ads to people streaming certain shows on their Roku or Apple TV set-top boxes. It customizes commercials based on the Facebook profiles tied to the IP addresses doing the streaming, according to a company spokesman. He says Facebook is trying out this approach with the A&E network (The Killing, Duck Dynasty) and streaming startup Tubi TV, selecting free test ads for nonprofits or its own products along with a handful of name brands. This push is part of a broader effort by social media companies to build their revenue with ads on video. Twitter is placing much of its ad-sales hopes on streaming partnerships with sports leagues and other content providers. In October, CFO Anthony Noto told analysts on an earnings call that the ads played during Twitter's NFL Thursday Night Football streaming exclusives had been especially successful, with many people watching them in their entirety with the sound turned on. The participants in these partnerships don't yet have a default answer to questions such as who should be responsible for selling the ads or who should get which slice of revenue.

Posted by BeauHD on Friday December 02, 2016 @08:00AM from the man-in-the-middle dept.

AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network can intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.

Posted by BeauHD on Thursday December 01, 2016 @10:30PM from the largest-ever dept.

plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. 
In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."

Posted by BeauHD on Thursday December 01, 2016 @06:55PM from the duck-for-cover dept.

Back in February, researchers at UC Berkeley released an app called MyShake that detects strong earthquakes seconds before the damaging seismic waves arrive. Several months have passed since its release and the app has already detected over 200 earthquakes in more than ten countries. TechCrunch reports: The app has received nearly 200,000 downloads, though only a fraction of those are active at any given time; it waits for the phone to sit idle so it can get good readings. Nevertheless, over the first six months the network of sensors has proven quite effective. "We found that MyShake could detect large earthquakes, but also small ones, which we never thought would be possible," one of the app's creators, Qingkai Kong, told New Scientist. A paper describing the early results was published in Geophysical Research Letters -- the abstract gives a general idea of the app's success: "On a typical day about 8000 phones provide acceleration waveform data to the MyShake archive. The on-phone app can detect and trigger on P waves and is capable of recording magnitude 2.5 and larger events. The largest number of waveforms from a single earthquake to date comes from the M5.2 Borrego Springs earthquake in Southern California, for which MyShake collected 103 useful three-component waveforms. The network continues to grow with new downloads from the Google Play store every day and expands rapidly when public interest in earthquakes peaks such as during an earthquake sequence." You can download the app for Android here.

Posted by msmash on Wednesday November 30, 2016 @02:38PM from the shape-of-things-to-come dept.

A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump. Reuters adds: Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican. The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.

Posted by msmash on Wednesday November 30, 2016 @01:56PM from the trump-nation dept.

President-elect Donald Trump will have access to a system which can send unblockable texts to every phone in the United States once he becomes the president. From a report on NYMag: These 90-character messages, known as Wireless Emergency Alerts (or WEAs), are part of a program put in place after Congress passed the Warning, Alert, and Response Network (WARN) Act, in 2006. WEAs allow for targeted messages to be sent to every cell phone getting a signal from certain geographically relevant cell towers (or, in a national emergency, all of them). While it'd be a true nightmare to get screeching alerts from your phone that "Loser Senate Democrats still won't confirm great man Peter Thiel to Supreme Court. Sad!", there are some checks and balances on this. While President-elect Trump hasn't shown much impulse control when it comes to his favorite mass-messaging service, Twitter, the process for issuing a WEA isn't as simple as typing out a 90-character alert from a presidential smartphone and hitting "Send." All WEAs must be issued through FEMA's Integrated Public Alert Warning System, meaning that an emergency alert from the president still has at least one layer to pass through before being issued. While FEMA is under control of the executive branch (the head of FEMA is selected by the president, and reports to the Department of Homeland Security), the agency would have a vested interest in not seeing their alert system bent toward, uh, non-emergency ends.

Posted by msmash on Wednesday November 30, 2016 @11:03AM from the smells-fishy dept.

Photo-filter app Prisma, the popular program which makes pictures and video look like painterly art, had its access to Facebook's Live Video API revoked this month. From a report on NYMag: According to Prisma, Facebook justified choking off Prisma's access by stating, "Your app streams video from a mobile device camera, which can already be done through the Facebook app. The Live Video API is meant to let people publish live video content from other sources such as professional cameras, multi-camera setups, games or screencasts." This is the implied aim of Facebook's video API, the technical entry point for producers to pump video into Facebook's network: The API is meant for broadcasting setups that are not phone-based. The problem is that none of this is explained in Facebook's documentation for developers. In fact, it states the opposite. Here is the very first question from the company's Live API FAQ: "The Live API is a data feed and the "glue" needed to create higher-quality live videos on Facebook. It allows you to send live content directly to Facebook from any camera."

Posted by BeauHD on Tuesday November 29, 2016 @09:05PM from the thank-God-for-backups dept.

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. 
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

Posted by BeauHD on Tuesday November 29, 2016 @05:00PM from the it-takes-two-to-tango dept.

An anonymous reader quotes a report from The Verge: BMW Group, Daimler AG, Ford, and Volkswagen have entered into a partnership to create a network of high-speed charging stations for electric vehicles across Europe. The new chargers will be capable of doling out up to 350 kW of power -- which would make them almost three times as powerful as Tesla's Supercharging stations. The result will be "the highest-powered charging network in Europe," according to a statement released by the manufacturers. The automakers say that construction will begin in 2017 with "about 400 sites" being targeted, and that the network will have "thousands of high-powered charging points" available by 2020. Those four major conglomerates will be "equal partners" in the joint venture, but according to the statement they are encouraging other manufacturers to "participate in the network." One of the reasons for bothering to call on other automakers to hook into this system is because there's a standards war happening with fast charging networks. The charging network announced today will use the Combined Charging System (CCS) technology, which is what most major automakers already use for their EVs. But Nissan, Toyota, and Honda are notable holdouts from CCS, because many of their EVs and plug-in hybrids use a competing standard known as CHAdeMO.